Session Expiry - Popup



Basil
26-08-2007, 01:45 PM
From a locked thread (http://www.chesschat.org/showthread.php?t=4135) in 'News and Announcements'

k2network hacking attempt

Note that there was a hacker who registered on the board and posted some shoutbox entries which caused some user browsers to prompt for a user id and password in a pop-up box.

If this happened to you and you provided a userid and password then you should consider that password now compromised. Please do not delay in changing your password asap. This should be done on any system on which that password may be used or on which the password may be guessed from the password compromised.

The hacker's shouts were only up for a short time and hopefully no one provided their password before evasive action was taken. However, there is always the risk of future hacking attempts so users are reminded to be very careful about where and when they provide sensitive information. If something unusual happens, particularly when viewing the main index on chess chat, press cancel as the first response.

The screenshot (below) represents a message I have received a few times.
My session had not expired under the two hour parameter.
The password I use for this BB is not sensitive.

http://i4.photobucket.com/albums/y105/scene66/misc%20images/screenshot.jpg

Garrett
26-08-2007, 01:48 PM
Are you serious ?

Preposterous !

Outrageous !

Unbelievable !!

Who on earth would believe Gunner would have, or could remember, a four character password.

Rincewind
26-08-2007, 02:37 PM
The screenshot (below) represents a message I have received a few times.
My session had not expired under the two hour parameter.
The password I use for this BB is not sensitive.


I'd say you are ok there and it is probably a chesschat server or browser issue.

The pop-up windows I was talking about were separate application windows entirely and did not look like the vb login screen at all. They were inserted as commands in the shoutbox and so would start up on members' computers and potentially capture the members' userid and password for hacking.

The issue of password sensitivity is a timely reminder for everyone though. You should use strong passwords, avoid sharing passwords across multiple sites and change passwords regularly. If a password becomes compromised, change it on all systems where that password or any derivative passwords are used.

At a minimum, reasonably strong passwords should

be 8 characters or more
contain a mix of case, alphabetic, numerics and symbols
not be found in a dictionary
not be easily guessed from the userid or the member's real identity or previous passwords etc
be changed every 3 months or more
not be shared with anyone

Basil
26-08-2007, 02:56 PM
Thanks for clearing that up.